ANDROID: pkvm: x86: Pre-populate pgstate pgt if protected VM has passthrough device

The pgstate_pgt should be pre-populated before a passthrough device of
protected VM to trigger any DMA. This is done when the first time of
handling shadow EPT violation as before device driver triggers DMA, it
will cause EPT violation through accessing its MMIO, so before creating
any shadow EPT mapping, populate the pgstate_pgt first. The populating
is done through a sync map API which creates the same mappings between
two page tables with desired property bits.

Bug: 395299836
Test: Boot, verify cpus are de-privileged and run a minimal protected vm.

Change-Id: I1576607208104cdb2c74267b8d4d044a11a842a9
Signed-off-by: Chuanxiao Dong <chuanxiao.dong@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Signed-off-by: Vineeth Pillai <vineethrp@google.com>